Hi all,
A new stable release of my firewall which mainly brings some small
tweaks & improvements.
You can grab it from:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1a.tar.gz
CHANGELOG:
Version 2.0.1a (March 7, 2012)
----------------------------------------
* Misc. tweaks for arno-fwfilter (thanks Mark van Dijk)
* Use ls instead of [ -n (find) ] as it's much faster (thanks Lonnie)
* As with previous versions, when LAN_INET_OPEN_xxx and
LAN_INET_HOST_OPEN_xxx are NOT defined the default LAN->INET policy is
ACCEPT. Changed is when *any* of these variables are defined the default
LAN->INET policy is DROP for all ports and protocols, not just
TCP/UDP/IP as before.
* As with previous versions, when DMZ_INET_OPEN_xxx and
DMZ_INET_HOST_OPEN_xxx are NOT defined the default DMZ->INET policy is
ACCEPT. Changed is when *any* of these variables are defined the default
DMZ->INET policy is DROP for all ports and protocols, not just
TCP/UDP/IP as before.
* Tweak the handling of some of the sysctl kernel settings. This now
also allows disabling setting/resetting some settings (like forwarding)
* Default UDP connection timeout to 60 seconds
+ Added support for new LOCAL_CONFIG_DIR variable, defaults to
"/etc/arno-iptables-firewall/conf.d" (Debian bug #658458)
! Set default policy to DROP if either LAN_INET_HOST_OPEN_xxx or
DMZ_INET_HOST_OPEN_xxx are defined, to match the documentation. (thanks
Schilling Thomas Ing for reporting)
* Improve documentation
Njoy!
--
Arno van Amersfoort
E-mail : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
From - Thu